sslsplit

Have you ever wondered what would happen if you tried to connect to a website that was serving a certificate chain way longer than normal?  I know, me too.  Often times security research is about thinking outside the box, and this is just one of those times.  Plus we might learn a few things along the way.

I’m new here.  What is a certificate chain?

When you connect to a secure website, your browser uses a TLS certificate to verify the authenticity of the connection and to help set ensign tonyup the encryption of the connection.  The way that you know that the certificate is valid is either because you have seen it before and saved it as a remembered certificate(this is common in a self-signed certificate situation or with SSH), in most cases someone else that you trust “signs” the website’s certificate.  Allow me to use Star Trek The Next Generation characters(source) to illustrate how this works.  If you meet Ensign Tony at Ten Forward, the next time that you meet him you will know who he is based on what he looks or sounds like.  This is how self-signed certificates work.
Read Full Article